[security-dev] IDM: Support for XML configuration

Marek Posolda mposolda at redhat.com
Fri Jan 18 12:02:36 EST 2013


Hi,

I've started the work on XML based IDM configuration and sent the first PR 
related to this: https://github.com/picketlink/picketlink/pull/38

What I did so far is:
1) Created Java classes for types which are used for XML-Java mapping. 
For now, I added those classes into "picketlink/federation" module into 
package "org.picketlink.identity.federation.core.config.idm" .

The only reason to have them in federation is that they need to be visible 
from class PicketlinkType, which is part of Federation module. (It was 
agreed that we will use big picketlink.xml, which will contain 
configuration of all picketlink components together). Seems that we need 
to extract some stuff related to XML parsing from federation module into 
config module, as currently "config" module is dependent on "federation" .

2) I've made StAX based XML parsing in config module. See 
IDMConfigParser and unit test IDMConfigParserTestCase.

3) I've added some temporary reflection based hack to 
PicketlinkConfigParser, so it can instantiate IDMConfigParser from 
"config" module and use it. This needs to be done more properly once/if 
we extract XML parsing stuff from "federation" module to "config" module 
(mentioned in point 1)

4) I've added class XMLBasedIdentityManagerProvider to IDM. It will be 
used to build IDM IdentityManager from parsed XML configuration. Not 
much work done here atm. I am planning to use reflection based classes 
from IDM module to help with this.

Let me know if there are some questions/concerns around this.

Thanks,
Marek


On 17/01/13 14:48, Anil Saldhana wrote:
> Marek,
>     wait for me to create the xml config module.  Migration of classes
> needs to maintain history.
>
> Regards,
> Anil
>
> On 01/17/2013 07:43 AM, Marek Posolda wrote:
>> On 17/01/13 01:27, Shane Bryzak wrote:
>>> I would suggest we develop an XML based configuration in its own
>>> submodule, we can probably call it picketlink/xml-config and it can
>>> simply implement the configuration interfaces we have defined in the idm
>>> submodule and other submodules.
>> I am trying to extract some stuff related to parsing from
>> picketlink/federation to new picketlink/xml-config module. However there
>> are some related problems as some classes referenced from those need to
>> import other classes etc.
>>
>> So I am thinking also about creating some common module (like
>> picketlink/common) which will contain some common util classes needed
>> by all other picketlink projects. Typical example of such class could be
>> org.picketlink.identity.federation.core.util.StringUtil , which contains
>> some very common utils for working with strings . What do you think?
>>
>> Marek
>>
>>> Marek if you want commit access to work
>>> on this please let me know and I'll get you set up, and I'm also more
>>> than happy to provide input on the requirements.
>>>
>>> On 17/01/13 10:16, Anil Saldhana wrote:
>>>> Marek,
>>>>        we need an xml configuration for IDM. We have not started with it.
>>>> We will be using Stax parsing (and not JAXB).  The xml configuration
>>>> will be used by users if they incorporate idm (and nothing else from the
>>>> PL stack).
>>>>
>>>> For the project PicketLink, we need one xml configuration file (if a
>>>> user wants) - authentication, authorization, federation, social, idm etc
>>>> can be configured in one file. For this, we will be extending the
>>>> federation 2.1 stax parsing to encompass the other components. We have
>>>> picketlink.xml as the config file in 2.x
>>>>
>>>> Integrating projects such as RESTEasy, JBoss AS, GateIn etc will have
>>>> their own configuration that deals with the IDM configuration API directly.
>>>>
>>>> Regards,
>>>> Anil
>>>>
>>>> On 01/16/2013 05:03 PM, Marek Posolda wrote:
>>>>> Hi,
>>>>>
>>>>> I am seeing in IDM testsuites that currently there is support only for
>>>>> programmatic IDM configuration. Is there some plan to build IDM
>>>>> IdentityManager also from XML configuration? Maybe I can start on it
>>>>> if nobody else is working on it?
>>>>>
>>>>> I am adding some example configuration file into attachment with some
>>>>> proposal how it could possibly look. Note that nothing is final
>>>>> and some things are still missing (especially configuration of realms,
>>>>> tiers etc.)
>>>>>
>>>>> What do you think?
>>>>>
>>>>> Thanks,
>>>>> Marek
>>>>>